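/// <summary>
/// Overwrites the stored password hash of the account returned by <c>catchUserID()</c>.
/// </summary>
/// <param name="newPass">
/// New plaintext password. It is passed to <c>Conf.Crypto.Hashed</c> and only the value
/// returned by <c>retreiveHash()</c> is bound to the UPDATE statement.
/// </param>
/// <remarks>
/// Both values are bound as parameters (<c>?user_password</c>, <c>?user_id</c>); nothing
/// caller-supplied is concatenated into the SQL text.
/// NOTE(review): this method neither asks for the current password nor performs an
/// authorization check of its own; presumably the caller has already authenticated the
/// user. Confirm at the call sites.
/// NOTE(review): the row count returned by <c>ExecuteNonQuery()</c> is discarded, so an
/// id that matches no row changes nothing and raises no error.
/// </remarks>
public void ChangeThePassword(String newPass)
{
    // dbcon, ecr and con are assigned without a local declaration, so they are members
    // of the enclosing type; they are re-created on every call.
    dbcon = new Conf.dbs();
    ecr = new Conf.Crypto();

    // Same construction pattern as the other data-access methods in this file; the
    // connection string is now read once instead of being supplied twice.
    con = new MySqlConnection();
    con.ConnectionString = dbcon.getConnectionString();

    String query = "UPDATE user_account SET user_password = ?user_password "
                 + "WHERE user_id = ?user_id";

    try
    {
        con.Open();

        // using disposes the command even when hashing or ExecuteNonQuery throws;
        // the original disposed it only on the success path.
        using (MySqlCommand cmd = new MySqlCommand(query, con))
        {
            ecr.Hashed(newPass);
            String hashpass = ecr.retreiveHash();

            cmd.Parameters.AddWithValue("?user_password", hashpass);
            cmd.Parameters.AddWithValue("?user_id", this.catchUserID());
            cmd.ExecuteNonQuery();
        }
    }
    finally
    {
        // Always release the connection, including on failure.
        con.Close();
    }
}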
/// <summary>
/// Hashes the <c>Pos_password</c> member and asks <c>DAO.PosDAO.canPass</c> whether the
/// <c>Pos_user</c> / hash pair is accepted.
/// </summary>
/// <returns>Whatever <c>POSDAO.canPass</c> reports for the user name and hash.</returns>
/// <remarks>
/// NOTE(review): the hash is read with <c>RefretreiveHash()</c>, while the other methods
/// in this file read it with <c>retreiveHash()</c>. <c>Conf.Crypto</c> is not visible
/// here; confirm that both members exist and that the difference is intended.
/// </remarks>
public Boolean canExit()
{
    // Both helpers are members of the enclosing type and are re-created on each call.
    POSDAO = new DAO.PosDAO();
    crypt = new Conf.Crypto();

    crypt.Hashed(Pos_password);
    String digest = crypt.RefretreiveHash();

    return POSDAO.canPass(Pos_user, digest);
}
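/// <summary>
/// Creates a user by inserting one row each into <c>user_account</c>,
/// <c>user_information</c> and <c>user_access_restrictions</c>.
/// </summary>
/// <param name="user_id">Identifier written to all three tables.</param>
/// <param name="user_name">Login name stored in <c>user_account</c>.</param>
/// <param name="user_password">
/// Plaintext password; only the value produced by <c>Conf.Crypto</c> is stored.
/// </param>
/// <param name="first_name">First name stored in <c>user_information</c>.</param>
/// <param name="middle_name">Middle name stored in <c>user_information</c>.</param>
/// <param name="last_name">Last name stored in <c>user_information</c>.</param>
/// <remarks>
/// Every value is bound as a parameter; no input is concatenated into the SQL text.
/// NOTE(review): the three INSERTs are not wrapped in a transaction, so a failure in the
/// second or third statement leaves a <c>user_account</c> row without its companion
/// rows. Confirm how the application treats an account that has no
/// <c>user_access_restrictions</c> row, and consider running the inserts in one transaction.
/// NOTE(review): <c>date_created</c> is stored as a culture-formatted string, which is
/// hard to sort or compare when reviewing account creation; a DATETIME value would be
/// more robust, but changing it alters stored data.
/// </remarks>
public void Add(Int32 user_id, String user_name, String user_password, String first_name, String middle_name, String last_name)
{
    // crypts, con, dbcon and passcrypt are members of the enclosing type.
    crypts = new Conf.Crypto();
    con = new MySqlConnection();
    dbcon = new Conf.dbs();
    con.ConnectionString = dbcon.getConnectionString();

    String query1 = "INSERT INTO user_account (user_id, user_name, user_password, date_created) VALUES"
                  + "(?user_id, ?user_name, ?user_password, ?date_created)";
    String query2 = "INSERT INTO user_information (user_id, first_name, middle_name, last_name) VALUES"
                  + "(?user_id, ?first_name, ?middle_name, ?last_name)";
    String query3 = "INSERT INTO user_access_restrictions (user_id) VALUES"
                  + "(?user_id)";

    try
    {
        con.Open();

        crypts.Hashed(user_password);
        passcrypt = crypts.retreiveHash();

        // Read the clock once so the date and time parts describe the same instant
        // (two separate DateTime.Now reads can straddle midnight).
        DateTime now = DateTime.Now;
        String createdStamp = now.ToLongDateString() + " at " + now.ToLongTimeString();

        // All three commands are built and bound before anything executes, as before;
        // using ensures each one is disposed even when an insert throws.
        using (MySqlCommand cmd1 = new MySqlCommand(query1, con))
        using (MySqlCommand cmd2 = new MySqlCommand(query2, con))
        using (MySqlCommand cmd3 = new MySqlCommand(query3, con))
        {
            cmd1.Parameters.AddWithValue("?user_id", user_id);
            cmd1.Parameters.AddWithValue("?user_name", user_name);
            cmd1.Parameters.AddWithValue("?user_password", passcrypt);
            cmd1.Parameters.AddWithValue("?date_created", createdStamp);

            cmd2.Parameters.AddWithValue("?user_id", user_id);
            cmd2.Parameters.AddWithValue("?first_name", first_name);
            cmd2.Parameters.AddWithValue("?middle_name", middle_name);
            cmd2.Parameters.AddWithValue("?last_name", last_name);

            cmd3.Parameters.AddWithValue("?user_id", user_id);

            cmd1.ExecuteNonQuery();
            cmd2.ExecuteNonQuery();
            cmd3.ExecuteNonQuery();
        }
    }
    finally
    {
        // Always release the connection, including on failure.
        con.Close();
    }
}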
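/// <summary>
/// Checks a user name / password pair against <c>user_account</c>.
/// </summary>
/// <param name="user_name">Login name, bound as a VARCHAR(35) parameter.</param>
/// <param name="user_password">
/// Plaintext password; it is hashed via <c>Conf.Crypto</c> and the result is bound as a
/// VARCHAR(45) parameter.
/// </param>
/// <returns>
/// <c>true</c> when at least one row matches both the user name and the password hash,
/// otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the hash is computed from the password alone and matched by equality in
/// SQL, so it must be deterministic and cannot carry a per-user random salt. Identical
/// passwords therefore produce identical stored values. The stronger design uses a
/// salted password KDF such as PBKDF2, fetches the stored hash by user name and compares
/// it in application code with a fixed-time comparison.
/// NOTE(review): <c>Validate</c> is defined elsewhere and runs only after the connection
/// is open and the password is hashed. If it rejects malformed input, calling it first
/// would skip that work; confirm its behaviour before reordering.
/// </remarks>
public bool isAuth(String user_name, String user_password)
{
    // con, crypts and dbcon are members of the enclosing type.
    con = new MySqlConnection();
    crypts = new Conf.Crypto();
    dbcon = new Conf.dbs();
    con.ConnectionString = dbcon.getConnectionString();

    String sql = "SELECT * FROM user_account "
               + "WHERE user_name = ?user_name AND user_password = ?user_password";

    try
    {
        con.Open();

        crypts.Hashed(user_password);
        String passwordHash = crypts.retreiveHash();

        // The command and the reader were never disposed in the original; using
        // releases both on every path, including when Validate or the query throws.
        using (MySqlCommand cmd = new MySqlCommand(sql, con))
        {
            cmd.Parameters.Add("?user_name", MySqlDbType.VarChar, 35).Value = user_name;
            cmd.Parameters.Add("?user_password", MySqlDbType.VarChar, 45).Value = passwordHash;

            Validate(user_name);
            Validate(user_password);

            using (MySqlDataReader rdr = cmd.ExecuteReader())
            {
                // A single matching row is enough to treat the credentials as valid.
                return rdr.Read();
            }
        }
    }
    finally
    {
        // Always release the connection, including on failure.
        con.Close();
    }
}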
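/// <summary>
/// Resets the password of the named account to the hash of <c>defaultPassword</c>.
/// </summary>
/// <param name="user_name">Login name of the account to reset; bound as a parameter.</param>
/// <remarks>
/// NOTE(review): every account reset through this method receives the hash of the same
/// <c>defaultPassword</c> value, so all reset accounts share one credential until the
/// user changes it. Consider a random per-reset temporary password and a forced change
/// at next login; confirm what the caller does after a reset.
/// NOTE(review): no authorization check is made here; presumably the caller restricts
/// who may reset another user's password. Confirm at the call sites.
/// NOTE(review): the row count returned by <c>ExecuteNonQuery()</c> is discarded, so an
/// unknown user name resets nothing and raises no error.
/// </remarks>
public void resetPassword(String user_name)
{
    // crypts, con, dbcon and passcrypt are members of the enclosing type.
    crypts = new Conf.Crypto();
    con = new MySqlConnection();
    dbcon = new Conf.dbs();
    con.ConnectionString = dbcon.getConnectionString();

    String query = "UPDATE user_account SET user_password = ?user_password"
                 + " WHERE user_name = ?user_name";

    try
    {
        con.Open();

        crypts.Hashed(defaultPassword);
        passcrypt = crypts.retreiveHash();

        // The original never disposed this command; using releases it on every path.
        using (MySqlCommand cmd = new MySqlCommand(query, con))
        {
            cmd.Parameters.AddWithValue("?user_password", passcrypt);
            cmd.Parameters.AddWithValue("?user_name", user_name);
            cmd.ExecuteNonQuery();
        }
    }
    finally
    {
        // Always release the connection, including on failure.
        con.Close();
    }
}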